CVE-2012-3446
published 2012-11-04
medium 5.9 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | libcloud | < 0.11.0 | 0.11.0 |
| apache | libcloud | >= 0 < 0.5.0-1.1 | 0.5.0-1.1 |
| apache | libcloud | >= 0 < 0.5.0-1.1 | 0.5.0-1.1 |
| apache | libcloud | >= 0 < 0.5.0-1.1 | 0.5.0-1.1 |
| apache | libcloud | >= 0 < 0.5.0-1.1 | 0.5.0-1.1 |
| debian | libcloud | < libcloud 0.5.0-1.1 (bookworm) | libcloud 0.5.0-1.1 (bookworm) |
CVSS provenance
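| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| osv | | 5.9 | MEDIUM | |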